DETAILED ACTION 

1. Applicant's amendment filed on September 23, 2005 has been entered. 
Claims 1-24, 26-54, 56, and 59 are pending. Claims 1, 27, and 37 are amended by the 
applicant; and claims 25, 55, and 57-58 are also cancelled by the applicant. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-23, 26-54, and 56 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Jacobson (US 5,548,649), and further in view of Boyle et al. 
(US 5,940,591). 

a. Referring to claims 1, 27, 37: 
i. Jacobson teaches: 

(1) selectively routing, over said relatively insecure 
intermediate network or said relatively secure intermediate network [i.e., this insecure 
and secure intermediate network is met on column 1, lines 47-63; and as shown 
in Figure 1 and as well as column 3, lines 66-67 through column 4, lines 1-7], a 
predetermined type of communication identified by a trigger from the first end terminal 
to the second end terminal over said relatively insecure intermediate network by means 
of at least one network element triggerable to refer to information held in a storage 
means to selectively route said communication according to said information held in 
said storage means [i.e., referring to Figure 1, the foregoing problems are solved 
by a network local security bridge and corresponding method for bridging a first 
side of a network and a second side of the network. The first side includes local 
secure zone host devices within a local secure zone established by the network 
local security bridge. The second side includes remote secure zone host devices 
within remote secure zones established by network remote security bridges, 

Application/Control Number: 09/934,166 
Art Unit: 2135 
Page 3 

wherein the bridges route the data packet from one side of the network to another 
(column 1, lines 27-35)]; and 

(2) encrypting said selectively routed communication by 
means of an encryption engine before it traverses said intermediate network, wherein 
said at least one network element and said encryption engine are located substantially 
within said first secure network [i.e., the data packet processor encrypts the data 
frame of the first side data packet when its source and destination addresses 
respectively specify one of the local secure zone host devices and one of the 
remote secure zone host devices (column 1, lines 47-51)]. 

ii. Although Jacobson does not explicitly point out the 
distribution and/or routing of security information between the first network and the 
second network, Boyle teaches: 

(1) Referring to Figure 2, a variation is shown employing 
SNIUs for internetwork connections. A bridge SNIU is used between two private 
networks (shaded ovals) using the same security labeling semantics but which operate 
at two different protection levels. The networks may be controlled by a single network 
security manager SM, or each network can have its own security manager SM. A 
gateway SNIU is used between two networks using different security labeling 
semantics, for example, a Type A network may use labels (Top Secret, Secret, 
Confidential, Unclassified) and a Type B network may use the labels (Most Secret, 
Secret, Restricted, Confidential, Releasable). A guard SNIU is used to support 
communications between a private network and a public network. The network security 
system of the invention is divided into two major functional areas: the Trusted Session 
Protocol (TSP) hosted by the SNIU, which is responsible for the management of the 
data path and the passing of data; and the Security Management architecture, 
consisting principally of the Security Manager (SM), which is responsible for security 
management of the network (column 4, lines 51-67 through column 5, lines 1-4). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 
(1) include such distribution of security information 
between first network and second network in Jacobson for providing security and multi- 
level security for a non-secure network (column 1, lines 13-14 of Boyle). 

iv. The ordinary skilled person would have been motivated to: 

(1) include such distribution of security information 
between first network and second network in Jacobson since it would be highly 
desirable to provide multi-level security in a non-secure environment, i.e., where both 
the network and the hosts are not trusted, so that existing hosts and network assets 
would not have to be replaced by trusted hosts or secure network assets. It is also 
required that such an MLS system must provide user accountability and data integrity 
during all phases of operation within the network (column 2, lines 35-41 of Boyle). 

b. Referring to claim 2: 

i. Jacobson further teaches: 

(1) wherein said at least one network element comprises 
switch means provided with control means and said storage means [i.e., referring to 
Figure 1, the network security bridges (104-1 to 104-3), which are switches "provided 
with control means and storage means", include first and second side interface 
controllers and route data packets from one side to another (column 1, lines 35- 
36)]. 

c. Referring to claims 3 and 4: 

i. Jacobson further teaches: 

(1) wherein said storage means is operable to store said 
information comprising routing information and security information [i.e., referring to 
Figure 1, the network local security bridge includes first and second side 
interface controllers and data packet processor for encrypting/decrypting data 
frame. The first side interface controller receives from the first side of the 
network a first side data packet and the second side interface controller receives 
from the second side of the network a second side data packet. The received first 
and second side data packets each contain a source address, a destination 
address, and a data frame (column 1, lines 35-43)]. 

d. Referring to claims 5-7, 14-15, 28-35, and 43-46: 

i. These claims have limitations similar to those of claims 2-4, 
and thus they are rejected with the same rationale applied against claims 2-4 above. 

e. Referring to claim 8: 

i. Jacobson further teaches: 

(1) identifying said predetermined type of communication 
by means of at least one of the following: originating subscriber characteristics; 
destination subscriber characteristics; payload characteristics; and network service 
characteristics [i.e., in the network, normal data and bridge management 
communication is made between and among the hosts, bridges, and the gateway 
with ethernet data packets (wherein the "originating subscriber characteristics; 
destination subscriber characteristics; payload characteristics; and network 
service characteristics" are considered to be included in these data packets). 
These data packets include an ethernet header 
and an ethernet data frame. The ethernet header includes an ethernet source 
address, an ethernet destination address, and an ethernet protocol identifier. The 
ethernet data frame includes an IP header and an IP data frame or portion. The IP 
header includes an IP source address, an IP destination address, and an IP 
protocol identifier. The IP data frame includes the data that is to be 
communicated (column 2, lines 57-67)]. 

f. Referring to claims 9 and 10: 

i. These claims have limitations similar to those of claim 8, 
and thus they are rejected with the same rationale applied against claim 8 above. 

g. Referring to claims 11, 18-21, 36, and 48-52: 

i. These claims have limitations similar to those of claims 1 and 4, 
and thus they are rejected with the same rationale applied against claims 1 and 4 
above. 

h. Referring to claims 12 and 13: 
i. These claims have limitations similar to those of claims 3 and 4, 
and thus they are rejected with the same rationale applied against claims 3 and 4 
above. 

i. Referring to claim 16: 

i. Jacobson further teaches: 

(1) further comprising providing a service management 
access point for accessing and changing said information held in the storage means 
[i.e., from the information provided by the commands, that is, "for accessing and 
changing information held in the storage means", issued from the user terminal, 
the bridge manager determines that the user seeks to perform a bridge local 
install or view operation. After determining this, the bridge manager determines 
whether the user is authorized to perform the bridge local install or view 
operation. This is done by comparing the user's i.d. and password for accessing 
local bridge 104-1 with those stored in the authorization table 244 and looking up 
the user's authorization level in the authorization table 244 (column 10, lines 19- 
28)]. 
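The authorization check that the passage above attributes to Jacobson's bridge manager (compare the user's i.d. and password against the authorization table, then look up the user's authorization level before allowing a bridge local install or view operation), modelled in Python. This is an added example, not code from Jacobson or from this application. The user ids, passwords and numeric levels are constructed, the mapping of operations to levels is assumed, and the table stores a salted PBKDF2 hash rather than the password itself, which is a choice made here and not something the reference describes.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed mapping of bridge-management operation to the authorization level it
# requires; the reference names "install" and "view" but not the levels.
REQUIRED_LEVEL = {"view": 1, "install": 2}
PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = bytes(16)   # used for unknown ids so the work done is the same
_DUMMY_HASH = bytes(32)


def make_record(password: str, level: int, salt: Optional[bytes] = None) -> dict:
    """Build one authorization-table row: salt, PBKDF2-SHA256 hash, level.
    (Assumption made here: the table holds a hash, not the plaintext password.)"""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "level": level}


class BridgeManager:
    """Decides whether a user terminal may run a bridge-local operation."""

    def __init__(self, authorization_table: Dict[str, dict]):
        self.authorization_table = authorization_table

    def authenticate(self, user_id: str, password: str) -> Optional[dict]:
        """Return the user's row when id and password match, else None.
        The same PBKDF2 work and a constant-time compare run for unknown ids,
        so response time does not reveal which ids exist in the table."""
        row = self.authorization_table.get(user_id)
        salt = row["salt"] if row else _DUMMY_SALT
        stored = row["hash"] if row else _DUMMY_HASH
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
        matched = hmac.compare_digest(candidate, stored)
        return row if (row is not None and matched) else None

    def authorize(self, user_id: str, password: str, operation: str) -> bool:
        """True only when the credentials match and the user's level is high
        enough for the requested operation; unknown operations are denied."""
        required = REQUIRED_LEVEL.get(operation)
        row = self.authenticate(user_id, password)
        if required is None or row is None:
            return False
        return row["level"] >= required


# Constructed sample authorization table (assumed ids, passwords and levels).
AUTHORIZATION_TABLE = {
    "bridge-admin": make_record("correct horse battery", level=2, salt=b"\x01" * 16),
    "auditor": make_record("look but do not touch", level=1, salt=b"\x02" * 16),
}
```

With this table the auditor can view but not install, and a bad password, an unknown id, or an operation that is not in the level table all fail closed.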

j. Referring to claim 17: 

i. Jacobson further teaches: 

(1) wherein said security information comprises 
decryption information, a distribution of said decryption information being triggered 
according to a predetermined schedule [i.e., the bridges 104-1 to 104-3 include 
encryption and decryption software and/or hardware so that normal data 
communication and bridge management communication between secure zones 
108-1 to 108-3 is made by encrypting and decrypting the IP data frame in the 
transmitted or received data packet (column 3, lines 31-36)]. 

k. Referring to claim 22: 

i. Jacobson further teaches: 

(1) wherein said security information is transferred to the 
at least one network element located in the second secure network by means of a 
secure communication route operated by trusted network operators [i.e., referring to 
Figure 1, encrypted data packets transmit through network security bridges, 104- 
1 to 104-3, which includes first and second side interface controllers and data 
packet processor for encrypting/decrypting data frame (column 3, lines 31-36)]. 

l. Referring to claim 23: 

i. Jacobson further teaches: 

(1) wherein said security information is transferred to the 
at least one network element located in the second secure network by means of a 
secure communication route over said relatively insecure intermediate network [i.e., 
referring to Figure 1, encrypted data packets transmit between secure zone 108-1 
to 108-3 through network security bridges, 104-1 to 104-3, and pass over the area 
that are not within a secure zone, which contains unsecure hosts, 102-8 to 102-10 
(column 3, lines 50-67 through column 4, lines 1-7)]. 

m. Referring to claim 26: 

i. Jacobson teaches: 

(1) A method for the distribution of security information 
between a first node in a first secure network and at least one second node in a second 
secure network, said first and second networks being separated by a relatively insecure 
network, wherein communications from said first node to the at least one second node 
via said relatively insecure network are encrypted, including the step of providing at 
least one network element operable to store security information and triggerable to 
distribute said security information in a secure manner from said first node to at least 
one target node in said second secure network, [i.e., referring to Figure 1, the 
network local security bridge includes first and second side interface controllers 
and data packet processor for encrypting/decrypting data frame. The first side 
interface controller receives from the first side of the network a first side data 
packet and the second side interface controller receives from the second side of 
the network a second side data packet. The received first and second side data 
packets each contain a source address, a destination address, and a data frame 
(column 1, lines 35-43). In addition, the data packet processor encrypts the data 
frame of the first side data packet when its source and destination addresses 
respectively specify one of the local secure zone host devices and one of the 
remote secure zone host devices (column 1, lines 47-51)]. 

ii. Although Jacobson does not explicitly point out the 
distribution and/or routing of security information between the first network and the 
second network, Boyle teaches: 

(1) Referring to Figure 2, a variation is shown employing 
SNIUs for internetwork connections. A bridge SNIU is used between two private 
networks (shaded ovals) using the same security labeling semantics but which operate 
at two different protection levels. The networks may be controlled by a single network 
security manager SM, or each network can have its own security manager SM. A 
gateway SNIU is used between two networks using different security labeling 
semantics, for example, a Type A network may use labels (Top Secret, Secret, 
Confidential, Unclassified) and a Type B network may use the labels (Most Secret, 
Secret, Restricted, Confidential, Releasable). A guard SNIU is used to support 
communications between a private network and a public network. The network security 
system of the invention is divided into two major functional areas: the Trusted Session 
Protocol (TSP) hosted by the SNIU, which is responsible for the management of the 
data path and the passing of data; and the Security Management architecture, 
consisting principally of the Security Manager (SM), which is responsible for security 
management of the network (column 4, lines 51-67 through column 5, lines 1-4). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include such distribution of security information 
between first network and second network in Jacobson for providing security and multi- 
level security for a non-secure network (column 1, lines 13-14 of Boyle). 

iv. The ordinary skilled person would have been motivated to: 

(1) include such distribution of security information 
between first network and second network in Jacobson since it would be highly 
desirable to provide multi-level security in a non-secure environment, i.e., where both 
the network and the hosts are not trusted, so that existing hosts and network assets 
would not have to be replaced by trusted hosts or secure network assets. It is also 
required that such an MLS system must provide user accountability and data integrity 
during all phases of operation within the network (column 2, lines 35-41 of Boyle). 

n. Referring to claims 41 and 42: 

i. These claims have limitations similar to those of claim 26, 
and thus they are rejected with the same rationale applied against claim 26 above. 

o. Referring to claims 38 and 39: 

i. Jacobson further teaches: 

(1) including decryption means located substantially 
within the second secure network; wherein said decryption means are provided at the 
second end terminal [i.e., referring to Figure 1, the data packet processor, which 
is included in the network security bridge, decrypts the data frame of the second side 
data packet when its source and destination addresses respectively specify one 
of the remote secure zone host devices and one of the local secure zone host 
devices (column 1, lines 55-59)]. 

p. Referring to claim 40: 

i. Jacobson further teaches: 

(1) wherein said decryption means are provided at a 
node other than the second end terminal [i.e., referring to Figure 1, the network security 
bridges (104-1 to 104-3) include data packet processors, which serve as the "decryption 
means", for decrypting the data frame. Jacobson discloses three different data packet 
processors as shown in Figure 1]. 

q. Referring to claim 47: 

i. This claim has limitations similar to those of claim 17, 
and thus it is rejected with the same rationale applied against claim 17 above. 

r. Referring to claim 53: 

i. This claim has limitations similar to those of claim 22, 
and thus it is rejected with the same rationale applied against claim 22 above. 

s. Referring to claim 54: 

i. This claim has limitations similar to those of claim 23, 
and thus it is rejected with the same rationale applied against claim 23 above. 

t. Referring to claim 56: 

i. This claim has limitations similar to those of claims 1 
and 26, and thus it is rejected with the same rationale applied against claims 1 and 26 
above. 

4. Claims 24 and 59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Jacobson, and further in view of Thomas (US 6,421,339 B1). 

a. Referring to claims 24 and 59: 

i. Jacobson does not mention: 

(1) providing said routing and/or access point to a 
subscriber in a visited network by virtue of a roaming agreement between the operator 
of the visited network and the operator of the subscriber's home network. 

ii. Thomas teaches: 

(1) allowing an H.323 compliant user to roam to another 
H.323 compliant network that is recognized by that user's home gatekeeper. After 
arriving at the visited network, the roaming user registers with a visited gatekeeper. The 
visited gatekeeper authorizes the registration by determining the network of the roaming 
user and that a roaming agreement exists between the visited and home network 
(column 6, lines 20-27). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include such roaming agreement in Jacobson's 
network security bridging system to have a capability to call to an H.323 compliant data 
packet network (column 6, lines 40-42 of Thomas). 

iv. The ordinary skilled person would have been motivated to: 

(1) include such roaming agreement in Jacobson's 
network security bridging system for accommodating roaming endpoint users across 
H.323 compliant network domains (column 1, lines 6-8 of Thomas). 

Response to Argument 
5. Applicant's arguments filed September 23, 2005 have been fully 
considered but they are not persuasive. 

Regarding the initial matters addressed in applicant's remarks, the examiner 
believes that the amended limitation has been disclosed in the previous Office Action 
mailed on June 28, 2005 (see page 3 of that Office Action), wherein the examiner stated 
that: 

(1) selectively routing, over one of said relatively insecure intermediate 
network and said relatively secure intermediate network [i.e., this insecure and secure 
intermediate network is met on column 1, lines 47-63; and as shown in Figure 1 
and as well as column 3, lines 66-67 through column 4, lines 1-7]. 

Applicant argues that: 

Jacobson fails only one network, not a plurality of networks. Thus, 
Jacobson does not teach what is recited in the claims. 

Examiner totally disagrees with the applicant and still maintains that: 
Jacobson does teach the claimed subject matter. In fact, Jacobson 
teaches a network local security bridge and corresponding method for bridging a first 
side of a network and a second side of the network. The first side includes local secure 
zone host devices within a local secure zone established by the network local security 
bridge. The second side includes remote secure zone host devices within remote 
secure zones established by network remote security bridges (see Jacobson's 
abstract). Besides, data encryption and decryption for secure communication between 
hosts in a network has existed for many years. In these types of networks (i.e., many 
networks, more than one network), each host device is burdened with encrypting 
outgoing data and decrypting incoming data (column 1, lines 7-12 of Jacobson). In 
addition, Boyle also teaches two private networks (i.e., a plurality of networks, more than 
one network) as shown in Figure 2 of Boyle's invention (column 4, lines 51-55 of 
Boyle). 

Applicant further argues that: 

Boyle, either alone or in combination with Jacobson, also does not 
disclose or suggest the feature of routing security information. 
Examiner again disagrees with the applicant and still maintains that: 
The combination of teaching between Jacobson and Boyle teaches the 
claimed subject matter. Referring again to Figures 2 and 4a-4c of Jacobson, the data packet 
forwarder 211 selects the source key by first identifying from the identification table 230 
the IP address of the network remote security bridge that establishes the remote secure 
zone which contains the remote secure zone host specified by the parsed IP source 
address. Then, it selects the source key in the key table 232 that corresponds to the 
network remote security bridge that it just identified. After the source key has been 
selected, the data packet forwarder calls up the encryptor/decryptor 233 and passes to 
it the pointer to the received data packet. The encryptor/decryptor in response decrypts 
the IP data frame of the received data packet with the selected source key using the 
DES table 234 contained in the library 216 in accordance with known DES 
encryption/decryption techniques (block 438 of Figure 4b). The encryptor/decryptor 
then alerts the data packet forwarder that the IP data frame of the received data packet 
has been decrypted. The data packet forwarder then returns control to the operating 
system 210, alerts the operating system that the received data packet has been 
processed and is to be forwarded to the side opposite from where it was received, and 
also passes to the operating system the pointer to the received data packet (block 408 
of Figure 4c) (column 7, lines 54-67 through column 8, lines 1-10 of Jacobson). 
Although Jacobson does not explicitly point out the distribution and/or routing of security 
information between the first network and the second network, Boyle teaches referring 
to Figure 2, a variation is shown employing SNIUs for internetwork connections. A 
bridge SNIU is used between two private networks (shaded ovals) using the same 
security labeling semantics but which operate at two different protection levels. The 
networks may be controlled by a single network security manager SM, or each network 
can have its own security manager SM. A gateway SNIU is used between two networks 
using different security labeling semantics, for example, a Type A network may use 
labels (Top Secret, Secret, Confidential, Unclassified) and a Type B network may use 
the labels (Most Secret, Secret, Restricted, Confidential, Releasable). A guard SNIU is 
used to support communications between a private network and a public network. The 
network security system of the invention is divided into two major functional areas: the 
Trusted Session Protocol (TSP) hosted by the SNIU, which is responsible for the 
management of the data path and the passing of data; and the Security Management 
architecture, consisting principally of the Security Manager (SM), which is responsible 
for security management of the network (column 4, lines 51-67 through column 5, lines 
1-4 of Boyle). 
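The data packet processor behaviour described in the paragraph above (select the source key by resolving the remote host to its network remote security bridge in the identification table and then to that bridge's entry in the key table, decrypt the IP data frame with that key, and forward the packet to the opposite side), together with the encrypt-on-the-way-out rule quoted under claims 1 and 26 and the packet layout quoted under claim 8, modelled in Python. This is an added example, not code from Jacobson, Boyle, or this application. The addresses and table contents are constructed; the reference uses DES, which the Python standard library does not provide, so the transform here is an HMAC-SHA256 keystream XOR with a per-packet nonce, a stand-in chosen for this example; and packets that do not pair a local secure zone host with a remote secure zone host are assumed to be bridged unchanged.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

NONCE_LEN = 12

# Constructed sample tables (assumed contents; the reference describes the
# tables themselves, not these values).
LOCAL_ZONE_HOSTS = {"10.1.0.11", "10.1.0.12"}
IDENTIFICATION_TABLE = {   # remote secure zone host -> bridge that establishes its zone
    "10.2.0.21": "10.2.0.1",
    "10.2.0.22": "10.2.0.1",
    "10.3.0.31": "10.3.0.1",
}
KEY_TABLE = {              # remote bridge -> key shared with that bridge
    "10.2.0.1": b"shared-with-bridge-2",
    "10.3.0.1": b"shared-with-bridge-3",
}


@dataclass
class IPPacket:
    src: str          # IP source address
    dst: str          # IP destination address
    protocol: int     # IP protocol identifier, passed through untouched
    payload: bytes    # the "IP data frame" that the bridge encrypts or decrypts


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the DES of the reference."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt_frame(key: bytes, frame: bytes, nonce: Optional[bytes] = None) -> bytes:
    """nonce || frame XOR keystream; a fresh nonce per packet avoids keystream reuse."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    stream = _keystream(key, nonce, len(frame))
    return nonce + bytes(a ^ b for a, b in zip(frame, stream))


def decrypt_frame(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt_frame: split off the nonce, XOR the body again."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class SecurityBridge:
    """Models the data packet processor of one network security bridge."""

    def __init__(self, local_hosts: Iterable[str],
                 identification_table: Dict[str, str], key_table: Dict[str, bytes]):
        self.local_hosts = set(local_hosts)
        self.identification_table = dict(identification_table)
        self.key_table = dict(key_table)

    def select_key(self, remote_host: str) -> Optional[bytes]:
        """Two-step lookup: remote host -> remote bridge -> key for that bridge."""
        bridge = self.identification_table.get(remote_host)
        return None if bridge is None else self.key_table.get(bridge)

    def process(self, pkt: IPPacket,
                nonce: Optional[bytes] = None) -> Tuple[str, Optional[IPPacket]]:
        """Return (action, packet to forward); the packet is None when dropped."""
        src_local, dst_local = pkt.src in self.local_hosts, pkt.dst in self.local_hosts
        src_remote = pkt.src in self.identification_table
        dst_remote = pkt.dst in self.identification_table

        if src_local and dst_remote:   # first-side packet bound for a remote secure zone
            key = self.select_key(pkt.dst)
            if key is None:            # zone known but no key: fail closed, never leak plaintext
                return "dropped", None
            return "encrypted", IPPacket(pkt.src, pkt.dst, pkt.protocol,
                                         encrypt_frame(key, pkt.payload, nonce))

        if src_remote and dst_local:   # second-side packet arriving from a remote secure zone
            key = self.select_key(pkt.src)   # the "source key"
            if key is None or len(pkt.payload) < NONCE_LEN:
                return "dropped", None
            return "decrypted", IPPacket(pkt.src, pkt.dst, pkt.protocol,
                                         decrypt_frame(key, pkt.payload))

        # Assumption: packets not pairing a local and a remote secure zone host
        # (for instance to or from the unsecure hosts) are bridged unchanged.
        return "forwarded", pkt


def round_trip(frame: bytes = b"normal data between secure zones") -> bytes:
    """Outbound encrypt, then the matching inbound decrypt with the same shared
    key (what the peer bridge would do), returning the recovered frame."""
    bridge = SecurityBridge(LOCAL_ZONE_HOSTS, IDENTIFICATION_TABLE, KEY_TABLE)
    _, on_wire = bridge.process(IPPacket("10.1.0.11", "10.2.0.21", 6, frame))
    _, back = bridge.process(IPPacket("10.2.0.21", "10.1.0.11", 6, on_wire.payload))
    return back.payload
```

The two-step lookup is what lets the key selection scale: keys are shared per peer bridge, so adding a host to a remote secure zone changes only the identification table. The stand-in cipher, like the DES described in the reference, gives confidentiality only: a frame decrypted with the wrong key, or one modified in transit, comes back as garbage rather than being rejected, which is why a current design would use an authenticated mode.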

In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
of teaching between Jacobson and Boyle is sufficient. 

Applicant further argues that: 

The cited references, Jacobson and Thomas, either alone or in 
combination do not disclose or suggest all the feature of providing said routing and/or 
access point to a subscriber in a visited network by virtue of a roaming agreement 
between the operator of the visited network and the operator of the subscriber's home 
network. 

Examiner again disagrees with the applicant and still maintains that: 
The combination of teaching between Jacobson and Thomas teaches the 
claimed subject matter. As mentioned above, Jacobson teaches a network local 
security bridge and corresponding method for bridging a first side of a network and a 
second side of the network. The first side includes local secure zone host devices 
within a local secure zone established by the network local security bridge. The second 
side includes remote secure zone host devices within remote secure zones established 
by network remote security bridges (see Jacobson's abstract). Although Jacobson does 
not explicitly discuss providing an access point to a subscriber in a visited network by 
virtue of a roaming agreement between the operator of the visited network and the 
operator of the subscriber's home network, Thomas teaches allowing an H.323 compliant 
user to roam to another H.323 compliant network that is recognized by that user's home gatekeeper. 
After arriving at the visited network, the roaming user registers with a visited 
gatekeeper. The visited gatekeeper authorizes the registration by determining the 
network of the roaming user and that a roaming agreement exists between the 
visited and home network (column 6, lines 20-27 of Thomas). Furthermore, 
Thomas's invention is directed to the method of and apparatus for completing 
multimedia calls over a packetized data transmission link to a roaming user currently 
located in a network foreign to the user's home network (see Figures 2-4 of Thomas for 
more details). 

In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
of teaching between Jacobson and Thomas is sufficient. 

Jacobson, Boyle, and Thomas do not need to disclose anything over and 
above the invention as claimed in order to anticipate it or render it unpatentable. A 
recitation of the intended use of the claimed invention must result in a structural 
difference between the claimed invention and the prior art in order to patentably 
distinguish the claimed invention from the prior art. If the prior art structure is capable of 
performing the intended use, then it meets the claimed limitations. 

For the above reasons, it is believed that the rejections should be 
sustained. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



TBT 

December 9, 2005 



